• [SECURITY] [DSA 5894-1] jetty9 security update

    From Markus Koschany@21:1/5 to All on Sat Apr 5 00:50:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-5894-1                   [email protected]
    https://www.debian.org/security/                          Markus Koschany
    April 05, 2025                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : jetty9
    CVE ID : CVE-2024-6762 CVE-2024-8184 CVE-2024-9823
    Debian Bug : 1085697

    Jetty 9 is a Java-based web server and servlet engine. Several security vulnerabilities have been discovered which may allow remote attackers to cause a denial of service by repeatedly sending crafted requests which can trigger OutOfMemory errors and exhaust the server's memory.

    CVE-2024-6762: In addition, PushSessionCacheFilter and PushCacheFilter have been deprecated. These classes should no longer be used in a production environment.

    For the stable distribution (bookworm), these problems have been fixed in version 9.4.57-0+deb12u1.

    We recommend that you upgrade your jetty9 packages.

    For the detailed security status of jetty9 please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/jetty9

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----
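
A host check for the two actions the advisory asks for, as an added example that is not part of the advisory: compare the installed jetty9 packages against the fixed bookworm version and look for the deprecated push filters in deployed XML descriptors. The binary package names and the webapps path `/var/lib/jetty9/webapps` are assumptions about a default Debian install; adjust them to the host.

```shell
#!/bin/sh
# Added example, not from the advisory. Checks a Debian host against DSA-5894-1.

FIXED_VERSION="9.4.57-0+deb12u1"   # fixed version for bookworm, from the advisory

# is_fixed VERSION: succeeds when VERSION is at or above the fixed version.
is_fixed() {
    dpkg --compare-versions "$1" ge "$FIXED_VERSION"
}

# installed_version PKG: print the installed version, or nothing if absent.
installed_version() {
    dpkg-query -W -f='${Version}' "$1" 2>/dev/null
}

# find_push_filters DIR: list XML files under DIR that reference
# PushCacheFilter or PushSessionCacheFilter. This only covers XML
# descriptors (web.xml, context files); filters registered in Java code
# or inside packed .war files are not seen.
find_push_filters() {
    find "$1" -type f -name '*.xml' \
        -exec grep -lE 'Push(Session)?CacheFilter' {} + 2>/dev/null
}

# report [WEBAPPS_DIR]: print one line per finding.
report() {
    webapps_dir=${1:-/var/lib/jetty9/webapps}   # assumed default location
    # Assumed binary packages built from the jetty9 source package.
    for pkg in jetty9 libjetty9-java libjetty9-extra-java; do
        v=$(installed_version "$pkg")
        [ -n "$v" ] || continue
        if is_fixed "$v"; then
            echo "OK $pkg $v"
        else
            echo "NEEDS-UPGRADE $pkg $v (fixed in $FIXED_VERSION)"
        fi
    done
    find_push_filters "$webapps_dir" | sed 's/^/DEPRECATED-FILTER /'
}

# Run the report only when asked, e.g.: sh check.sh report /path/to/webapps
if [ "${1:-}" = "report" ]; then
    report "${2:-}"
fi
```
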
